Part 1: Recognizing Scams & Social Engineering

🗺️ Series: Overview • Part 1: Recognizing Scams (current page) • Part 2: Essential Tools → • Part 3: Network Security → • Part 4: Daily Habits →

⚠️ Disclaimer

I’m not a certified security professional or lawyer. I’m just sharing my experience and security habits - things I try to follow myself and urge my mom to practice as well. This is not a professional security consultation, nor a legal advice. Your situation may differ. When in doubt, consult with qualified paid professionals.

The most sophisticated security tools in the world won’t help if people fall for scams. The weakest link in security is almost always the human. Hackers know this, which is why they spend more time trying to trick people than trying to break through firewalls.

This post covers the most important skill in cybersecurity: recognizing when someone is trying to manipulate us.

🎯 Golden Rule

If something sounds too good to be true, it probably, most likely, definitely - is.

1. I Trust My Gut Feeling

Remember “Floor is Lava”? That’s how I treat suspicious emails.

Email & Phishing Red Flags

1. I don’t open suspicious emails and links. Phishing attacks are the #1 way hackers get into accounts.
2. Gmail and Outlook catch most spam, but they’re not perfect. I still check everything.
3. I check if I’ve been hacked: I visit Have I Been Pwned every few months to see if my email/password leaked in any data breaches.

What I Tell My Mom to Look For

Red flags in emails:

• Misspelled sender addresses (amazom.com instead of amazon.com)
• Generic greetings (“Dear Customer” instead of my name)
• Urgent threats (“Your account will be closed in 24 hours!”)
• Unexpected attachments or links
• Grammar mistakes in “official” emails

🔑 Key Trick

Hover your mouse over links (don’t click!) to see the real destination. If it looks suspicious, it probably is.

2. If It Sounds Too Good to Be True, It Probably Is

I don’t trust messages on the Internet - Facebook, LinkedIn, X (Twitter), WhatsApp, Instagram, TikTok, whatever.

Scammers use social engineering - psychological manipulation to trick people into trusting them.

Common Social Engineering Tactics I’ve Seen

“You won the lottery!” - No, they didn’t. “Click here to claim your prize!” - I tell Mom: don’t click. “Your friend sent you money!” - Did they though? I call them directly. “Hot singles in your area!” - Classic scam. “This one weird trick…“ - Nope.

People who fall for these might as well be buying the Brooklyn Bridge.

3. When I’m Not Sure About Something

If I have doubts about an email or attachment, here’s what I do:

1. Scan it with my antivirus
2. Check it with VirusTotal (free file scanning service)
3. Ask someone tech-savvy
4. I don’t open it until I’m sure it’s safe

💀 Real Attack

My friend’s company lost $50,000 because someone in accounting opened a fake invoice attachment. The invoice looked perfect - same format, logo, everything. The only difference? The email address was off by one letter.

4. What I Never Give Out

This is so important, I told Mom twice.

I Never Share

• Passwords
• Social Security Number (SSN)
• Credit card info
• Bank account numbers
• Security question answers
• One-time codes sent to my phone

Especially Important

1. If the call was unsolicited - What I do: I never trust inbound calls about security. If “my bank” calls me, I hang up and call them back using the number on the back of my credit card.

2. Only use PUBLICLY published contact info - I only call numbers from the back of my credit card or the bank’s official website. Random 800 numbers? Nope.

3. Security questions - I’m careful not to post security question answers on social media (school name, pet’s name, hometown, etc.).

🔐 Lock This Down

Banks never ask for passwords, PINs, or full card numbers. If someone claiming to be from my bank asks for these, I know it’s a scam.

5. Are You Bernie Madoff?

If not, chances are the FBI, IRS, and Royal Canadian Mounties are NOT after you.

If They Are Actually After You

They will:

• Come knocking with a warrant (and maybe a SWAT team)
• Send a certified letter via USPS
• Contact you through official channels

They Will NOT

1. Call over a staticky international line with a robo-call
2. Ask for SSN, birth certificate, or personal info over the phone
3. Accept payment via credit card or Zelle transfer
4. And they will definitely not ask for Target or Walmart gift cards

🚩 Red Flags

• Robo-calls claiming to be from government agencies
• Threats of immediate arrest or legal action
• Demands for immediate payment
• Requests for gift cards or wire transfers
• Pressure to act quickly without thinking

What I do: Hang up. Look up the official number. Call them back.

6. What I Made Mom Repeat Out Loud

“I do not give out any security information.”

I made her say it twice.

Yeah, it sounds silly. But it works.

Real-World Examples I’ve Seen

The Grandparent Scam

Someone calls claiming to be a grandchild, saying they’re in jail and need bail money. They sound panicked. They beg people not to tell their parents.

What I told Mom: Hang up and call me directly. Or call the “grandchild” at their real number.

The Tech Support Scam

“This is Microsoft calling. Your computer has a virus. We need remote access to fix it.”

What I told Mom: Hang up. Microsoft doesn’t call random people. Neither does Apple.

The Package Delivery Scam

“Your package couldn’t be delivered. Click this link to reschedule.”

What I do: I go directly to the shipping company’s website. I never click links in texts.

Teaching This to My Mom

Here’s how I explain social engineering to my mom:

“Mom, scammers are like really good salespeople. They make you feel urgency, fear, or excitement so you act without thinking. The moment you feel rushed to make a decision, STOP. That’s when they’ve got you.”

We have a code word. If something feels off, she sends me the code word and I call her immediately to talk through it.

What I’d Do First If Starting Over

If I were starting fresh, here’s what I’d focus on first:

• Check Have I Been Pwned - I do this quarterly for my email
• Delete suspicious emails - I went through my inbox and cleared out anything sketchy
• Talk to elderly family members about phone scams - I had this conversation with Mom, and it paid off
• Set up a code word system - Mom and I use this for security emergencies

Next in Series

Part 2: Essential Security Tools →

Learn about the TWO most important security tools everyone needs: password managers and two-factor authentication. These two things protect people from 80% of attacks.

More Resources

• FTC: How to Recognize and Avoid Phishing Scams
• CISA: Avoid Social Engineering and Phishing Attacks
• AARP Fraud Watch Network - Great for elderly family members

Last updated: January 31, 2025